Objectives

  • Minimize business risk.
  • Internal data access controls.
  • Comply with legal & regulatory requirements.
  • Information Security and Availability.

Process

  • Review IT policies and procedures.
  • Verify IT configuration and versioning.
  • Develop an appropriate test strategy.
  • Test controls to ensure effectiveness.

Outcome

  • Catalog control deficiencies.
  • Record policy and procedure weaknesses.
  • Find lapses in data access safeguards.
  • Identify deficiencies in physical security.
Audit Services Cycle
Audit Services Cycle
Network Performance Audit
  • Examine network design documentation.
  • Create configuration database with version control.
  • Observe latency, throughput, error rate, and QoS.
  • Comprehensive Reports.
    • Perfomance issues found.
    • Deficiencies in documentation.
    • Deficiencies in configuration management.
    • Recommendations for improvement.
Security Audit
  • Identify internal and external vulnerabilities.
  • Quantify and Prioritize risks.
  • Discover assets and track ownership.
  • Identify rogue devices.
  • Propose solutions for mitigation.
  • Compliance based Reports — PCI, HIPAA, GLBA, FISMA, & SOX.
  • Best practices (ITIL, OSSTMM, ISO 27001)
Active Directory Audit
  • Security Issues presented by AD
    • Bad Actors using AD for presistent attacks.
    • Attackers modify logs to remain undetected.
  • Test for vulnerabilities
    • Uncover excess access permissions.
    • Identify stale user and computer accounts.
    • Trace AD Changes to users making them.
    • Review group policies and their assignment.
    • Look for brute force attacks.
  • Report vulnerabilities and mitigation options.
Perimeter Penetration Tests
  • Reconnaissance - Gather details of the network.
  • Network Scanning
    • Port and vulnerability scans.
    • Locate entry points that can be targetted.
  • Penetration - find exploitable vulnerabilities.
  • Comprehensive report
    • Report identified vulnerabilities.
    • Propose options to resolve them.